Do the United States and China Need a Cybersecurity Hotline?

By Adam Segal

A red telephone for the Internet age, and four other ways digital security in the People's Republic could move ahead in 2013

U.S. Department of Homeland Security analysts work at the National Cybersecurity & Communications Integration Center (NCCIC) located just outside Washington in Arlington, Virginia. (Hyungwon Kang
)

New institutions/bureaucratic reform. There are
rumors that there will be another round of bureaucratic reforms in the
spring. Chinese analysts have pointed out that one of the great
weaknesses in their defenses is that institutional oversight of
cybersecurity is fragmented and ineffective, and there is a low degree
of information-sharing between the government and industry. There have
also been complaints that China lacks adequate strategic planning for
information security. In the past, efforts at ministerial reform have
been underwhelming, resulting in little more than shuffling around of
titles. This CCID report,
however, does make the interesting suggestion that China should set up
an "information security agency" to better coordinate cyber strategy.

New threats. Chinese security specialists, like
their counterparts in the rest of the world, are worried about the
growth of malware targeting smartphones and other mobile devices. Mobile
data traffic grew tenfold in 18 months in China, accounting for some 10 percent of total global Internet activity. This year China Mobile
established the country's largest information security center in
Beijing, and recently the Ministry of Industry and Information
Technology announced that it would regulate the Chinese app market.

More talking, little progress. After a steady stream
of announcements from U.S. officials that Chinese hackers were engaged
in the widespread theft of American intellectual property, cybersecurity
is now a topic of discussion at almost all high-level bilateral
meetings. It was on the agenda at the 2012 Security and Economic
Dialogue and was raised during Secretary of State Hillary Clinton's meeting with Foreign
Minister Yang Jiechi and U.S. Defense Secretary Leon Panetta's dialogue
with Defense Minister General Liang Guangjie. This month, at the 13th annual Defense Consultative Talks,
Jim Miller, U.S. undersecretary of defense for policy, and Lieutenant
General Qi Jianguo, deputy chief of the People's Liberation Army general
staff, stressed the need to avoid miscalculation on cyber, space,
nuclear, and missile defense issues. On the positive side, there have
been some articles
in the Chinese press suggesting the need for crisis communication
mechanisms, a hotline for the cyber age. On the negative side, all the
talking and "naming and shaming" appear to have had little or no impact
on the pace and scope of cyber espionage. In fact, the attacks are
accelerating, according to Rear Admiral Samuel Cox, former director of
intelligence for Cyber Command.

A coming cyber trade conflict? The report
by House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking
Member C.A. Dutch Ruppersberger (D-MD) on the national security issues
posed by Huawei and ZTE unleashed a torrent of stories in the Chinese
press on the cyber threat posed by Chinese dependence on Western
technology companies, and Cisco in particular (see this magazine cover,
for example, with Cisco as a snake). So far, the actual response has been fairly moderate. Some analysts have called for China to create a foreign investment review board, and China Unicom
reportedly replaced Cisco routers for security reasons, though American
industry analysts have told me that the move was scheduled for long
before the issuance of the report, and at any rate China Unicom replaced
Cisco with Nortel routers. Still, Huawei's problems continue to
multiply. India has said that it will examine the risks of using Huawei products, a European Commission report called for action against the company, and a British committee
is expected to find that the company poses a cybersecurity risk. If any
of these reports lead to trade or investment restrictions, the Chinese
government may have no choice but to respond with its own sanctions
against Western technology companies.

A two Internet world. A number of reports have
characterized the U.S., U.K., Canada and others' decision to walk away
from the World Conference on International Communications (WCIT) without
signing an updates to a 1988 treaty on international telecommunications
as the first clash in a digital cold war.
On one side, the U.S. and its allies said they could not sign the
treaty because they wanted to preserve the free, open model of Internet
governance. On the other, Russia, China and many Arab nations believe
that states should have a greater say in how the Internet is managed and
more ability to control the flow of information over networks. For
example, in response to the introduction of "human rights obligations"
in the proposed telecom treaty, the Chinese delegation noted that the
"security of the state" was an equally valid concern. The end of the
WCIT does not end the discussion, and we can expect Russia, China, and
other authoritarian states to continue to promote their state-centric
views of cybersecurity and Internet governance.